Feature #3504
closed
Firewall rules hit counter
Added by Travis Kreikemeier over 10 years ago.
Updated over 8 years ago.
Description
I'd like to request a hit counter for firewall rules. When viewing the rules, there would be a new column with a count of the connection attempts that were accepted or denied by a rule. As well, a counter reset button to easily reset a rule or all rules with one click.
Reasons for this:
1) Makes troubleshooting easier, you can see when a rule is properly being hit when you initiate traffic and the counter goes up for that rule.
2) Helps a firewall admin identify dead rules that are no longer needed during a firewall rule audit.
3) Helps to identify attacks against the network, narrowing it down to certain traffic more quickly by watching the counters.
4) Identifies hot rules that need to be moved to the top of the firewall list for optimization. I like to order my rules in order of usage where possible for performance reasons.
- Target version deleted (2.2)
- Affected Version deleted (All)
With a few modifications and a new function, I've got this result.
Is there any info about how often pfctl cleans the counters?
Is it related to the /tmp/rules.debug call?
Marcello, that is awesome! The bytes, packets and states are a very nice touch. However, the evaluations counter is kind of not helpful, as it is incremented every time a rule is evaluated. Meaning if the rule was in front of a rule that allowed or disallowed the traffic, it would still have been counted as evaluated, as it was inspected to see if it matched the traffic. I wish pf had a hit or action count. Or maybe it does and I am just not aware.
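The distinction drawn above is visible in the per-rule statistics that `pfctl -vsr` prints: Evaluations counts every rule the packet was checked against, while Packets and Bytes count only traffic that actually matched the rule (including traffic flowing through states the rule created), so they are the closer analogue of the requested hit counter. The following is an added example, not code from pfSense or from this ticket; it parses a constructed sample of `pfctl -vsr` output and applies two of the use cases from the description, finding evaluated-but-never-matched rules (reason 2) and ranking rules by matched traffic rather than by evaluations (reason 4).

```python
import re
from typing import Dict, List

# Constructed sample of `pfctl -vsr` output (not captured from a real firewall).
# Each rule line is followed by a bracketed counter line; `pfctl -z` zeroes
# these per-rule counters, the CLI equivalent of the requested reset button.
SAMPLE_PFCTL_OUTPUT = """\
pass in quick on em0 inet proto tcp from any to any port = 22 flags S/SA keep state
  [ Evaluations: 5120      Packets: 842       Bytes: 96034       States: 2     ]
block drop in quick on em0 inet from 203.0.113.0/24 to any
  [ Evaluations: 4278      Packets: 0         Bytes: 0           States: 0     ]
pass in quick on em0 inet proto tcp from any to any port = 443 flags S/SA keep state
  [ Evaluations: 4278      Packets: 30211     Bytes: 41266730    States: 57    ]
block drop in log all
  [ Evaluations: 1207      Packets: 1207      Bytes: 77248       States: 0     ]
"""

COUNTER_RE = re.compile(
    r"\[\s*Evaluations:\s*(\d+)\s+Packets:\s*(\d+)\s+Bytes:\s*(\d+)\s+States:\s*(\d+)\s*\]"
)


def parse_rule_counters(text: str) -> List[Dict]:
    """Pair each rule line with the counter line that follows it."""
    rules = []
    current = None
    for line in text.splitlines():
        m = COUNTER_RE.search(line)
        if m and current is not None:
            ev, pk, by, st = (int(x) for x in m.groups())
            rules.append({"rule": current, "evaluations": ev, "packets": pk,
                          "bytes": by, "states": st})
            current = None
        elif line and not line.startswith((" ", "\t")):
            # Rule text starts at column 0; counter lines are indented.
            current = line.strip()
    return rules


def dead_rule_candidates(rules: List[Dict]) -> List[str]:
    """Rules that were evaluated but never matched a packet (reason 2)."""
    return [r["rule"] for r in rules if r["evaluations"] > 0 and r["packets"] == 0]


def hottest_rules(rules: List[Dict], n: int = 2) -> List[str]:
    """Rules ordered by matched packets, not by evaluations (reason 4)."""
    ranked = sorted(rules, key=lambda r: r["packets"], reverse=True)
    return [r["rule"] for r in ranked[:n]]
```

Note that a rule with zero packets over a short window is only a candidate for removal; counters reset on `pfctl -z` and on a ruleset reload, so an audit should look at a window long enough to cover infrequent but legitimate traffic.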
- Status changed from New to Resolved
- Target version set to 2.3
Marcello's change there has been implemented in 2.3. That addresses the subject as best as possible.